[ubuntu/mantic-proposed] openssl-ibmca 2.4.0-0ubuntu2 (Accepted)

Frank Heimes frank.heimes at canonical.com
Thu Jul 27 16:44:13 UTC 2023 

openssl-ibmca (2.4.0-0ubuntu2) mantic; urgency=medium

  * Add selected commits/patches as requested here: LP: #2027809
    - d/p/lp-2027809-engine-Only-register-those-algos-specified-with-defa.patch
      To set the ENGINE_FLAGS_NO_REGISTER_ALL flag during IBMCA engine
      initialization to avoid unconditional registration of all algorithms.
    - d/p/lp-2027809-provider-rsa-Check-RSA-keys-with-p-q-at-key-generati.patch
      To check and correct RSA keys where p < q (privileged form) right after
      key generation or during import, so that p > q is assured whenever the key
      is used afterwards, and no ica_rsa_crt() correction is applied later on.
    - d/p/lp-2027809-provider-Support-importing-of-RSA-keys-with-just-ME-.patch
      To let an RSA key also contain the private key components in ME format,
      and use ica_rsa_mod_expo() only if the ME components are available.
    - d/p/lp-2027809-provider-RSA-Fix-get_params-to-retrieve-max-size-bit.patch
      To ensure (and fix) that the RSA key management's get_params() function
      is able to return the values for max-size, bits, and security-bits (if
      at least the public key is available).
    - d/p/lp-2027809-provider-Default-debug-directory-to-tmp-but-make-it-.patch
      To change the default log directory from /var/log/ibmca/ to /tmp which is
      world-writable anyway, and to avoid making /var/log/ibmca/ world-
      writable, which can cause security issues, since it's not known under
      which user an application runs that uses the provider.
      With that a world-writable directory under /var is avoided.

Date: Thu, 27 Jul 2023 16:38:43 +0200
Changed-By: Frank Heimes <frank.heimes at canonical.com>
Maintainer: Dimitri John Ledkov <xnox at ubuntu.com>
https://launchpad.net/ubuntu/+source/openssl-ibmca/2.4.0-0ubuntu2
-------------- next part --------------
Format: 1.8
Date: Thu, 27 Jul 2023 16:38:43 +0200
Source: openssl-ibmca
Architecture: source
Version: 2.4.0-0ubuntu2
Distribution: mantic
Urgency: medium
Maintainer: Dimitri John Ledkov <xnox at ubuntu.com>
Changed-By: Frank Heimes <frank.heimes at canonical.com>
Launchpad-Bugs-Fixed: 2027809
Changes:
 openssl-ibmca (2.4.0-0ubuntu2) mantic; urgency=medium
 .
   * Add selected commits/patches as requested here: LP: #2027809
     - d/p/lp-2027809-engine-Only-register-those-algos-specified-with-defa.patch
       To set the ENGINE_FLAGS_NO_REGISTER_ALL flag during IBMCA engine
       initialization to avoid unconditional registration of all algorithms.
     - d/p/lp-2027809-provider-rsa-Check-RSA-keys-with-p-q-at-key-generati.patch
       To check and correct RSA keys where p < q (privileged form) right after
       key generation or during import, so that p > q is assured whenever the key
       is used afterwards, and no ica_rsa_crt() correction is applied later on.
     - d/p/lp-2027809-provider-Support-importing-of-RSA-keys-with-just-ME-.patch
       To let an RSA key also contain the private key components in ME format,
       and use ica_rsa_mod_expo() only if the ME components are available.
     - d/p/lp-2027809-provider-RSA-Fix-get_params-to-retrieve-max-size-bit.patch
       To ensure (and fix) that the RSA key management's get_params() function
       is able to return the values for max-size, bits, and security-bits (if
       at least the public key is available).
     - d/p/lp-2027809-provider-Default-debug-directory-to-tmp-but-make-it-.patch
       To change the default log directory from /var/log/ibmca/ to /tmp which is
       world-writable anyway, and to avoid making /var/log/ibmca/ world-
       writable, which can cause security issues, since it's not known under
       which user an application runs that uses the provider.
       With that a world-writable directory under /var is avoided.
Checksums-Sha1:
 6629840053986cc3be7e9bd1a8e28ad252ee8317 1522 openssl-ibmca_2.4.0-0ubuntu2.dsc
 c7f4615896c90c783e8983bc2091d08de90ba9f4 14956 openssl-ibmca_2.4.0-0ubuntu2.debian.tar.xz
 159b93a11f130d40f9251cfbd63e42ea3229c28e 6734 openssl-ibmca_2.4.0-0ubuntu2_source.buildinfo
Checksums-Sha256:
 6b1d75d0dbe4c5b9a8c3ef69a49d5101818afb798a8c6582d692dd6ce7530f32 1522 openssl-ibmca_2.4.0-0ubuntu2.dsc
 d9ff95a877c41e601e1676b61fea2f8132a52cb04d40c10f541509e554857606 14956 openssl-ibmca_2.4.0-0ubuntu2.debian.tar.xz
 e96bedec82969254b9524939b8fc935c967bb24417d1a7fcbfca54bd8123876d 6734 openssl-ibmca_2.4.0-0ubuntu2_source.buildinfo
Files:
 4823972f675e01973669a24f42c55f4c 1522 libs optional openssl-ibmca_2.4.0-0ubuntu2.dsc
 4af55f4fd71eb38dc56e39f259d0e168 14956 libs optional openssl-ibmca_2.4.0-0ubuntu2.debian.tar.xz
 c0e7a5bad63f8fb3cae4983d157d43db 6734 libs optional openssl-ibmca_2.4.0-0ubuntu2_source.buildinfo

More information about the mantic-changes mailing list